//package com.myprojects.common.config;
//
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.beans.factory.annotation.Qualifier;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
///**
// * 配置类<br>
// * 该配置类会在全部依赖于该项目的项目中生效
// */
//@EnableWebSecurity//开启MVC security安全支持
//public class SecurityConfig extends WebSecurityConfigurerAdapter {
//
////    @Autowired
////    private DataSource dataSource;
//
////    @Qualifier("userDetailServiceImp")
////    @Autowired
////    private UserDetailsService userDetailsService;
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
////        super.configure(http);
//
//        // 自定义用户授权管理
//        http
//                //If you are using Spring Security,
//                // make sure to enable CORS at Spring Security level as well
//                // to allow it to leverage the configuration defined at Spring MVC level.
////                .cors().and()//自己加的
//                .authorizeRequests()
//                .antMatchers("/**").permitAll()
//                // 需要对static文件夹下静态资源进行统一放行
////                .antMatchers("/login/**").permitAll()
////                .antMatchers("/detail/common/**").hasRole("common")
////                .antMatchers("/detail/vip/**").hasRole("vip")
//                .anyRequest().authenticated()
//                //禁止csrf(除GET方法以外所有方法没有token时不能被访问)
//                .and().csrf().disable();
//
//        // 自定义用户登录控制
////        http.formLogin()
////                .loginPage("/userLogin").permitAll()
////                .usernameParameter("username")//网页表单中name为username的项作为用户名
////                .passwordParameter("password")//网页表单中name为password的项作为密码
////                .defaultSuccessUrl("/")
////                .failureUrl("/userLogin?error");
//
//        // 自定义用户退出控制
////        http.logout()
////                .logoutUrl("/mylogout")
////                .logoutSuccessUrl("/");
//
//        // 定制Remember-me记住我功能
////        http.rememberMe()
////                .rememberMeParameter("rememberme")
////                .tokenValiditySeconds(200)
//                // 对cookie信息进行持久化管理
////                .tokenRepository(tokenRepository())
//        ;
//        System.out.println("common包中SecurityConfig创建完成");
//    }
//
////    @Override
////    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
////        PasswordEncoder encoder = new BCryptPasswordEncoder();
////
////        /*  ------------使用JDBC进行验证的方式------------  */
////        String userSQL = "select username,password,valid from t_customer " +
////                "where username = ?";
////        String authoritySQL = "select c.username,a.authority " +
////                "from t_customer c,t_authority a,t_customer_authority ca " +
////                "where ca.customer_id = c.id and ca.authority_id = a.id and c.username =?";
////
////        auth.jdbcAuthentication()
////                .passwordEncoder(encoder)
////                .dataSource(dataSource)
////                .usersByUsernameQuery(userSQL)
////                .authoritiesByUsernameQuery(authoritySQL);
////        /*  ---------------------------------------------  */
////
////        /*  -------使用UserDetailsService进行验证的方式------  */
////        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
////        /*  --------------------------------------------  */
////    }
//
////    /**
////     * 持久化Token存储
////     * @return
////     */
////    @Bean
////    public JdbcTokenRepositoryImpl tokenRepository(){
////        JdbcTokenRepositoryImpl jr=new JdbcTokenRepositoryImpl();
////        jr.setDataSource(dataSource);
////        return jr;
////    }
//}
